Medium: php

Issue Overview: A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup LanguageXML entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: amazon-ecr-credential-helper Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the...

Important: runc

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

Important: kernel-livepatch-4.14.311-233.529

Issue Overview: An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-2124...

Important: kernel-livepatch-5.10.179-166.674

Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...

Important: kernel-livepatch-5.10.176-157.645

Issue Overview: A use-after-free vulnerability was found in nfs42sscopen in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. CVE-2022-4379 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch...

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...

Medium: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...

SUSE CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service application crash, a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset function within...

Important: kernel-livepatch-4.14.299-223.520

Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...

Important: kernel-livepatch-5.10.155-138.670

Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function followpagepte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended ...

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver, resulting in a PCIe link disconnect. CVE-2022-3169 Affected Packages: kernel Note:...

Important: kernel-livepatch-4.14.290-217.505

Issue Overview: A use-after-free flaw was found in route4change in the net/sched/clsroute.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem. CVE-2022-2588 Affected Packages:...

Medium: java-1.8.0-amazon-corretto

Issue Overview: 2023-05-11: CVE-2022-21618 and CVE-2022-39399 have changed status to NOT AFFECTED for this package and have been removed from this advisory. Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are...

Medium: containerd, docker

Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: containerd, docker Note: This advisory is applicabl...

ALPINE-CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service application crash, a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset function within...

UBUNTU-CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service application crash, a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset function within...

Important: kernel-livepatch-5.10.109-104.500

Issue Overview: A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. CVE-2022-1966 Affected Packages: kernel-livepatch-5.10.109-104.500 Issue...

Important: kernel-livepatch-5.10.112-108.499

Issue Overview: A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. CVE-2022-1966 Affected Packages: kernel-livepatch-5.10.112-108.499 Issue...

Important: kernel-livepatch-5.10.118-111.515

Issue Overview: A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. CVE-2022-1966 Affected Packages: kernel-livepatch-5.10.118-111.515 Issue...